2 Answers
2

Accrding to the http://wiki.apparmor.net FAQ any program that has no profile is basically unprotected / unconstrained and can do any mischief in Ubuntu, almost in the same way as there would not have been any AppArmor in the first place

Right. it doesn't have a profile, so it isn't sandboxed, so it has free reign.
–
jrg♦Dec 19 '12 at 14:30

@jrg: There is no kind of "fallback profile" / "defaul rule" for the unprofiled program?
–
humanityANDpeaceDec 19 '12 at 14:32

From what I understand, no. Not at this point. Eventually they want to do LXC sandboxing (from what I've heard) for everything - so everything will be sandboxed, and then specific things will be whitelisted for everything.
–
jrg♦Dec 19 '12 at 14:33

@jrg: (1) Nice list (few packages covered though..:( (2) The irony is that LXC says this: "sorry not safe yet". Kind of defering the purpose of using a "linux container" in the first place, when its rather likely to be not safe. At present I cannot manage to get Ubunut safe neither via LXC nor AppArmor.
–
humanityANDpeaceDec 19 '12 at 14:41

I like the linked question about the "fallback profile". Seems you also put a bounty on it. Great! I have a very poor repu, so I cannot join, elsewise I would consider.
–
humanityANDpeaceDec 19 '12 at 15:05